package net.sxnic.item;

import net.sxnic.item.ucenter.UcenterService;
import net.sxnic.ugr.UgrActionSupport;
import net.sxnic.ugr.context.AppContext;
import net.sxnic.ugr.security.UnauthorizedException;
import net.sxnic.ugr.user.User;

import org.springframework.beans.factory.annotation.Autowired;

@SuppressWarnings("serial")
public class ItemActionSupport extends UgrActionSupport {

	@Autowired
	protected UcenterService ucenterService;

	/**
	 * 验证当前用户是否有roles中包含的权限
	 * 
	 * @param roles
	 */
	protected void checkRoles(String... roles) {

		User user = ucenterService.findUserByUserName(AppContext
				.getUserName(request));

		for (String r : roles) {
			if (!ucenterService.isUserInRole(user, r)) {
				notAuthorized();
			}
		}
	}

	protected void notAuthorized() {
		throw new UnauthorizedException();
	}
}
